Re: Don't use S-boxes!
From: karl malbrain (karl_m_at_acm.org)
Date: 11/29/04
- Next message: Douglas A. Gwyn: "Re: master PW opens all crypto?"
- Previous message: WinTerMiNator: "Re: Disk encryption tools...?"
- In reply to: BRG: "Re: Don't use S-boxes!"
- Next in thread: Douglas A. Gwyn: "Re: Don't use S-boxes!"
Date: 29 Nov 2004 11:41:30 -0800
BRG <brg@nowhere.org> wrote in message news:<41a24168$0$70761$ed2619ec@ptn-nntp-reader01.plus.net>...
> karl_m@acm.org wrote:
> > BRG wrote:
> >
> >
> >>My published AES code can be configured to use tables from 256 bytes
> >>upwards - that is 256 bytes for encrypt and 256 bytes for decrypt.
> >>
> >>256 byte tables are very slow but 1024 byte tables provide good
> >>performance with greater resistance to this sort of timing attack.
> >
> >
> > Do you have the necessary RDTSC instrumentation in place to produce
> > cycles-per-byte figures? On the insistence of Professor Wagner, I
> > recently added these to the REFERENCE IMPLEMENTATION I maintain at
> > www.geocities.com/malbrain/aestable.html
> > Feel free to lift the relevant sections if you need them.
>
> In short, yes, I produce cycles/byte figures using a standard timing
> harness that uses the RDTSC on the x86.
What STANDARD DEVIATION do you obtain for a few independent calls?
> My timing code is available on my site but, more recently, Christophe
> Devine and I developed the AES timing code that he has made available here:
>
> http://www.cr0.net:8040/code/crypto/aesbench.tgz
Yes, I've downloaded and configured your implementation.

karl m